WELCOME TO THE FACTORY OF THE FUTURE

Special video report. Whether it’s Germany’s Industry 4.0, Made in China 2025, or France’s Creative Industry, the goal is to build tomorrow’s factory. But how ? In an effort to find an answer, we went to Saclay near Paris where French researchers and manufacturers are developing and testing tomorrow’s industrial technologies in two lab factories. Watch our investigation report.

Cybersecurity.Mr. Robot got hacked on a fair in France, while WannaCry popularized a new form of cyber-attack: the ransomware.

Tradeshows. We were invited to attend PTC’s 2017 edition of LiveWorx that took place in late May in Boston. Watch our video report on the launch of ThingWorx8, the editor’s new version of its IoT platform.

Mobile and collaborative robots, virtual assembly lines, digital manufacturing. It’s not science fiction, but the fourth industrial revolution. Whether it’s Germany’s Industry 4.0, Made in China 2025, or France’s Creative Industry, the goal is the same—build tomorrow’s factory. The nature of international competition...

Mobile and collaborative robots, virtual assembly lines, digital manufacturing. It’s not science fiction, but the fourth industrial revolution. Whether it’s Germany’s Industry 4.0, Made in China 2025, or France’s Creative Industry, the goal is the same—build tomorrow’s factory. The nature of international competition makes it essential to innovate on the assembly line and modernize manufacturing systems to stay in the game.

How to prepare for this transformation?

In an effort to find an answer, we went to Saclay, near Paris. Here, French researchers and manufacturers are developing and testing tomorrow’s industrial technologies in two lab factories.

Service robots, AGVs, virtual reality. We’re at Industrie Lyon, the largest French industrial trade show. Every two years, 1000 small and medium-sized companies introduce their latest technologies. One of this year’s leading themes is cybersecurity. We’re talking to Manoel Bizien, a Stormshield engineer. Specializing in information security, the company is presenting a new industrial firewall and a cybersecurity plateform, which involved other companies such as Automatique & Industrie, Axians, Schneider and Siemens. Manoel suggests hacking a pharmaceutical industry robot to test the efficacy of the solution. He launches Stuxnet, the worm that attacked an Iranian nuclear plant in 2010. Watch the report.

Last month, more than 126,000 people in more than 100 countries were victim of a massive worldwide ransomeware attack, a form of hacking designed to encrypt the target’s data pending payment of a ransom. The WannaCry cyberattack infected U.K. National Health System, Spanish Telcommunication company Telefonica, French...

Last month, more than 126,000 people in more than 100 countries were victim of a massive worldwide ransomeware attack, a form of hacking designed to encrypt the target’s data pending payment of a ransom. The WannaCry cyberattack infected U.K. National Health System, Spanish Telcommunication company Telefonica, French Automaker Renault, German railway company Deutsche Bahn. Last year, the San Francisco Municipal Transport Agency was the victim of a ransomware attack. DirectIndustry e-magazine investigated this increasingly-common form of cyber attack.

In 2016, San Franciscans took 725,000 daily trips on Muni, the municipal transport system famous for its cable cars. However, on 25 November, some of those seeking to travel found themselves unable to pay fares using Muni ticket machines. The San Francisco Municipal Transport Agency (SFMTA) had fallen victim to a ransomware attack.

The attack affected only office computers, but the SFMTA turned off ticket machines and fare gates as a precaution. The organization said in a statement:

This action was to minimize any potential risk or inconvenience to Muni customers. The primary impact of the attack was to approximately 900 office computers. The SFMTA’s payroll system remained operational, but access to it was temporarily affected.

Nonetheless, this disruption to the seventh largest transport system in the US demonstrates the threat from ransomware attacks to industrial companies and offers a few lessons.

The Birth of a New Threat

Ransomware can infect systems in the same way as any other malware: through malicious payloads attached to emails, phishing scams and direct breaches of network security. Any organization can fall victim to such attacks, but industrial companies should be aware of the potential for hackers to exploit control and engineering systems with ransomware. According to Tim Erlin, vice president of product management and strategy at Tripwire, a software company which helps detect security vulnerabilities:

Whereas industrial systems relied on proprietary technology in the past, there is a general market trend for greater connectedness and more use of standard protocols. This makes them more exposed to the risks inherent in these technologies.

Although no cases of ransomware attacks on industrial systems have come to light, researchers at the Georgia Institute of Technology have developed PLC ransomware to find ways to counter it.

According to a paper published in February 2017,

Industrial control system networks have so far remained largely unscathed by malware, not because they are more secure than traditional networks, but because cybercriminals have yet to figure out a profitable business model to make such attacks worth their time. Recent attacks on hospitals have demonstrated how profitable ransomware can be when used to hold operationally critical assets hostage with the threat of human harm, and reports suggest attackers are beginning to shift their focus to ICS networks.

Spotlight on Attractive Targets

Manufacturing is already the second most common ransomware target, behind the services sector. It is the target of 17 % of attacks, while construction suffers 4% of attacks and transport, utilities and communications get 7%, according to research by security technology firm Symantec.

Andrew Wadsworth, cyber security expert with PA Consulting, says energy, rail and other infrastructure providers could prove lucrative targets for hackers using ransomware to exploit industrial control systems. The perpetrators of these attacks need not necessarily be experts in industrial systems, as these technologies often rely on standard systems, such as Cisco switches and Windows servers, he says.

I suspect that ransomware attackers will go where the money is. They have not necessarily figured out how much money they could make from industrial firms, but if they see that they can cause significant impact, then these companies become attractive targets.

Industrial companies vary in how well prepared they are.

Some do daily anti-virus updates on their control system because they have been built to do that. But there are a lot of legacy systems which are not easy or possible to update in that way because they are a generation out of date. The lifecycle of control systems is longer than general IT systems and there is still a lot of legacy out there.

However, the slow pace of change favors a security technique called whitelisting, which limits systems to running only approved services and applications. In general, whitelisting has been slow to take off, as it can be difficult to manage in complex, fast-moving IT environments. In industrial control systems, there is less complexity and slower change, so whitelisting could prove an efficient and effective defense against ransomware attacks, Wadsworth adds.

The technique is underused, but it’s a very elegant solution in this case.

Meanwhile, industrial firms are well advised to pay attention to basic “security hygiene” to prevent attacks, says Tripwire’s Erlin. They should ensure software patches are up to date, monitor networks for signs of intruders and regularly change passwords.

While it is no defense against attacks, backing up data can make them less effective. The SFMTA was grateful it had the back-up systems to restore its computers within a couple of days.

The SFMTA never considered paying the ransom. We have an information technology team in place that can restore our systems.

But for many industrial control systems, a couple of days might be 48 hours too late.

OTHER STORIES

Dancing laser beams opened PTC’s 2017 edition of LiveWorx that took place in late May at the Boston Exhibition Center. Clients, partners and even Barack Obama’s CTO, Aneesh Chopra, made it to New England for the launch of ThingWorx 8, the software editor ’s new version of its IoT platform. ThingWorx enables customers to easily build apps, merging data from the physical and digital worlds. We were invited to attend PTC CEO Jim Heppelmann’s keynote address. Watch our video report from Boston.

Yaskawa Motoman will introduce its YRC 1000 robot controller at São Paulo’s FEIMAFE 2017 tradeshow this month. The new model can control up to eight robots at a time, is more compact and has a faster processor. The company proposes custom solutions to respond to specific client needs. CEO Icaru Sakuyoshi said the firm’s autonomous robotic systemscan be installed without need for the significant investments required for complete Industry 4.0 conversion. This “smart investment” is suited to companies with limited resources or lacking access to the infrastructure required for the newest standards.

Today, industry faces cyber threats that are constantly evolving. The growing use of IT applications in the OT environment is enlarging digital footprints, at...

Today, industry faces cyber threats that are constantly evolving. The growing use of IT applications in the OT environment is enlarging digital footprints, at the cost of increasing exposure to cyberattack. Effective industrial cybersecurity requires a holistic approach.

Andrew Avanessian is a vice president at security software company Avecto. For him, cybercrime is now the biggest threat facing industrial companies.

The complex supply chains often associated with the industrial sector provide cybercriminals with a multitude of hiding places and easy access to the corporate system.

With the threat of data theft and distributed denials of service, ransomware and malware attacks on the rise, Juniper Research predicts the cost of industrial cybercrime will reach US$2 trillion by 2019. Cybersecurity Ventures expects the figure to climb to US$6 trillion by 2021.

A 2016 survey by analytical service provider HfS Research polled 208 security professionals at companies with over 500 employees. Over half the respondents had experienced data theft or corruption by external cybercriminals. Jamie Snowdon, chief data officer at HfS explains:

Cybercrime is real and the risk for industry is much greater than it was five years ago. It is increasingly hard to keep pace with the variety of cybersecurity threats out there.

Threat Development

Courtesy of SurfWatch Labs

The rise of big data, mobile computing and the IoT is revolutionizing how industrial companies operate. Unfortunately, a huge number of mobile and IoT devices are vulnerable to cyberattack. Guy Rosefelt, web security expert at security solution provider NSFOCUS, explains:

The vast majority of IoT devices have poor security because the software these devices run was never designed with security in mind.

The IoT cybersecurity threat came to prominence last year with the attack on Dyn, a company that controls much of the internet’s domain name system. The botnet, a network of private computers infected with malicious software involved in the attack, was largely made up of IoT devices such as digital cameras and DVRs. For Adam Meyer, chief security strategist at cyber threat solution provider SurfWatch Labs, 2017 will witness increasingly creative IoT attacks.

Vendors will work in new security precautions, but cybercriminals will focus their attention on new ways to leverage IoT devices for their own malicious purposes.

A growing number of companies are now taking steps to boost their cybersecurity, but more is needed. The combination of an inadequate regulatory environment, a lack of awareness and poor IT/OT segmentation means many industrial facilities are still highly exposed to attack, adds Meyer.

A lot of industrial organizations have infrastructure that has been in place for a long time. It’s a real challenge to pivot towards the new reality of today’s cyber threats.

For all industrial sectors, effective organizational cybersecurity is about understanding the company’s operating environment and proactively looking for new and existing threats. Whether it’s being victimized by phishing attacks or the use of unprotected mobile phones with access to enterprise data and networks, humans are generally accepted to be the weakest link in any cybersecurity system.

Poor organizational cybersecurity culture coupled with poor user awareness of cyber threats are the two greatest insider risks to most companies. These are also the cheapest problems to put right and can yield the greatest improvements.

Avecto’s Microsoft Vulnerabilities Report 2016 revealed that 94% of critical Microsoft vulnerabilities were mitigated by simply removing admin rights. Assigning user privileges means that employees are only given access to the applications needed to perform their jobs. Avecto’s Avanessian says:

This technology should be layered with application whitelisting, which ensures that only trusted programs can launch, and content isolation solutions, which keep any potentially malicious online content separate from the corporate system.

Taking a proactive approach to cybersecurity invariably impacts the bottom line. But in the face of intensifying cyber threats, the cost of doing nothing makes action imperative. For HfS Research’s Snowdon,

Companies must adopt a holistic approach to cyber risk mitigation. This should include cybersecurity talent and training, robust testing systems and a budget and finance rethink.

Join our 155,000 subscribers

Tel Aviv-based industrial cyber security company Indegy was founded to prevent operational disruptions from cyber attacks, malicious insiders and human error. DirectIndustry e-magazine talked to Dana Tamir, VP of Marketing, about providing comprehensive visibility into and management of industrial control networks.

DirectIndustry e-magazine: Please tell us about your platform.

Dana Tamir: The Indegy platform is based on proprietary patent-pending technologies developed by our team of industrial control systems (ICS) security experts. It is purpose-built to provide real-time visibility, situational awareness and activity monitoring for ICS networks and to alert personnel to events that might disrupt operations.

DirectIndustry e-magazine: Can you explain the technologies?

Dana Tamir: Control Plane Inspection (CPI) is a passive, deep-packet inspection engine specifically designed for the unique characteristics of industrial control systems. It monitors all control plane engineering activities performed over proprietary, vendor-specific protocols and captures changes to controller logic, hardware configuration, firmware downloads/uploads, user settings and tag additions/deletions. CPI provides real time alerts and a comprehensive audit trail of all activities performed over the operational network. Agentless Controller Validation (ACV) is a patent-pending technology used for validating the integrity of control devices and ensures no unauthorized changes are made. It surveys the controllers using their native certified protocols and API, guaranteeing zero impact on performance while gaining maximum visibility. It periodically verifies control device firmware, control logic and settings, providing full visibility. ACV captures all changes to programmable logic controllers, remote terminal units and distributed control system controllers, whether performed over the network or directly on the physical devices.

DirectIndustry e-magazine: How do these elements help protect a system from cyber attacks?

Dana Tamir: Each core technology focuses on different and unique aspects of the control plane activities and solves different ICS visibility challenges. The combination of these innovative technologies provides unmatched visibility into ICS activities, especially control plane events that impact critical controller logic. It ensures all activities are captured.

DirectIndustry e-magazine: Where do the cyber attacks usually come from?

Dana Tamir: Cyber threats can come from external sources or already exist within the network. Regardless of the source, Indegy identifies in real time any suspicious or unauthorized activity and sends an alert to enable engineering and security staff to respond before damage occurs. The detailed alerts and comprehensive audit trail enable our customers to quickly pinpoint the nature of unknown ICS activities and decide how to mitigate threats.

DirectIndustry e-magazine: Who are your main customers?

Dana Tamir: They include power, energy and water utilities, chemical, pharma and consumer goods manufacturing companies, automotive manufacturers and food and beverage companies.

Swiss firm Climeworks has announced the opening of the world’s first CO2 capture plant. It will grab carbon dioxide from the air around a waste incinerator and stock it for resale to a nearby greenhouse. The carbon dioxide will be filtered, absorbed by sponges and heated to 100°, transforming it into a valuable solid fertilizer. The absorption-desorption process takes advantage of an innovative filter material to create purified CO2 in a single step. The 900 tons to be delivered to the greenhouse annually should increase production by 20 to 30%. Other potential markets include the food and beverage industry and the production of renewable materials. Unsold CO2 can be stored underground to reduce global warming. The company can build plants handling anywhere from 50 to a million tons of CO2 per year. However, to capture just one percent of global emissions would require the installation of 750,000 containerized collectors.

Singapore-based Otsaw Digital recently introduced its O-R3 automated ground-aerial surveillance system, a world first. It combines an autonomous robotic security vehicle and a companion drone. Thanks to machine learning, the surface vehicle can avoid obstacles, spot abandoned bags and other suspect objects, and use facial and license plate recognition to distinguish authorized from unauthorized presence. The drone is housed within the vehicle and launched from a slide-out rear platform. It can track intruders up to 100 meters from the vehicle. The system can operate 24/7 and the vehicle returns to a charging station automatically when the battery is low. Alerts are sent to a security center for human evaluation. Otsaw notes that its system is designed to replace routine, low-level security tasks, freeing trained personnel for more complex operations, including taking control of the vehicle whenever necessary. A smaller indoor system is in the works.

Arburg’s concrete application of Industry 4.0 is a flexible, automated production line producing customized luggage tags by injection molding and additive...

Arburg’s concrete application of Industry 4.0 is a flexible, automated production line producing customized luggage tags by injection molding and additive manufacturing. This answers the question everyone’s asking: What really is Industry 4.0? At Hannover Messe, we followed Arburg’s production of a smart luggage tag from station to station. Watch our report to know more.

Birds are real pests in many situations, and can constitute a significant hazard for airplanes. While most attempts to control bird landings in the past have failed, a new laser technology seems to be working well.

In the Netherlands, Bird Control Group and the Technical University of Delft have teamed to develop laser technology which is achieving success rates of up to 100%. Both organizations dedicated years of research to develop the ultimate laser beam. This was accomplished by applying a combination of highly precise optics, filtering and light frequencies. By using this technology, the company says it has come up with an effective, yet harmless method of repelling birds.

The company’s Agrilaser Autonomic is a stationary installation which works automatically. The Agrilaser and Aerolaser Handheld devices are compact portable units which can be used in a wide variety of situations. Steinar Henskes, chief executive officer of Bird Control Group, said their systems reduce the number of birds by 70 to 100%.

The principle of repelling birds with a laser beam is inspired by nature. Birds perceive the approaching laser beam as a physical object. It stimulates their survival instinct, causing the birds to fly away. That is the same reflex as a car that drives towards birds. This is a different stimuli as sound, which is a sign for a physical danger but there is nothing visible. It is also different from a stationary danger, like the old fashioned scarecrow. This is visible but does not move towards birds and therefore causes habituation.

Courtesy of Bird Control Group

According to Henskes, the technology has been developed to go into safe mode when using at airports, so as not to disturb aircraft landing or taking off nor to affect pilots.

We developed a patented safety feature which measures when the laser beam is projecting into a predefined dangerous area and switches it off. We call it the Horizon Safety System.

The laser can also be set to point directly at the ground and is only used to disperse birds resting on the ground or on man made structures. In the case of airports it should never be pointed into the sky, therefore not shining directly into planes or pilot eyes.

An English organic egg farm in West Sussex has found an original use for the new technology. Orchard Eggs installed the laser system to scare off migratory birds, preventing them mixing with the farm’s chickens. This allows the chickens to stay outdoors without fear of bird flu contamination.

CONTRIBUTORS

Camille Rustici

Camille Rustici is a Video Journalist and the Editor-in-Chief for DirectIndustry e-magazine. She has years of experience in business issues for various media including France 24, Associated Press, Radio France…

Lindsay Clark

Lindsay Clark is a freelance journalist specializing in computing. He has won industry awards as news editor at Computer Weekly. He has also written for newspapers including The Guardian, The Financial Times…

Chris McCullough

Chris McCullough is a freelance multimedia journalist with 15 years of experience, based in Northern Ireland, with experience in farming and politics. He has won various awards for his photos and journalism.